Wireless health services provider settles $2.5 million HIPAA breach

May 02, 2017Washington — The federal government in April settled a potential violation of the Health Insurance Portability and Accountability Act with a health services provider that reported an employee's laptop stolen with more than 1,000 individuals' unsecured electronic protected health information, according to the U.S. Department of Health and Human Services Office for Civil Rights in a news release.

CardioNet, which provides remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias, agreed to pay $2.5 million and implement a corrective action plan to resolve potential noncompliance with HIPAA Privacy and Security Rules, according to the Office for Civil Rights.

In January 2012, CardioNet reported to the Office of Civil Rights that an employee's laptop was stolen from a parked vehicle outside of the employee's home. The laptop contained the electronic protected health information of 1,391 people.

The Office of Civil Rights conducted an investigation that revealed that CardioNet had insufficient risk analysis and risk management processes in place at the time of the theft, according to a news release. In addition, CardioNet's policies and procedures implementing the standards of the HIPAA Security Rule were still in draft form and had not been put into effect. The Pennsylvania-based company was unable to produce any final policies or procedures regarding the implementation of safeguards for electronic protected health information, including those for mobile devices.

In a news release, the Office of Civil Rights called the settlement "the first involving a wireless health services provider."

The Office of Civil Rights' guidance on the security rule may be found here.

To help dentists implement a step-by-step HIPAA compliance program, the ADA offers the ADA Complete HIPAA Compliance Kit (J598). ADA members can save 15 percent on the HIPAA kit and all ADA Catalog products with promo code 17125 until June 30. To order, visit adacatalog.org or call 1-800-947-4746.